[apparmor] [PATCH] profiles: Add attach_disconnected flag to dnsmasq profile
Tyler Hicks
tyhicks at canonical.com
Tue Apr 12 21:27:32 UTC 2016
https://launchpad.net/bugs/1569316
When Ubuntu made the jump from network-manager 1.0.4 to 1.1.93, the
dnsmasq process spawned from network-manager started hitting a
disconnected path denial:
audit: type=1400 audit(1460463960.943:31702): apparmor="ALLOWED"
operation="connect" info="Failed name lookup - disconnected path"
error=-13 profile="/usr/sbin/dnsmasq"
name="run/dbus/system_bus_socket" pid=3448 comm="dnsmasq"
requested_mask="wr" denied_mask="wr" fsuid=65534 ouid=0
Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
---
profiles/apparmor.d/usr.sbin.dnsmasq | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/profiles/apparmor.d/usr.sbin.dnsmasq b/profiles/apparmor.d/usr.sbin.dnsmasq
index f7834e9..34e16cc 100644
--- a/profiles/apparmor.d/usr.sbin.dnsmasq
+++ b/profiles/apparmor.d/usr.sbin.dnsmasq
@@ -12,7 +12,7 @@
@{TFTP_DIR}=/var/tftp /srv/tftpboot
#include <tunables/global>
-/usr/sbin/dnsmasq {
+/usr/sbin/dnsmasq flags=(attach_disconnected) {
#include <abstractions/base>
#include <abstractions/dbus>
#include <abstractions/nameservice>
--
2.7.4
More information about the AppArmor
mailing list